[cap-talk] charging for spam. What are the implications
devbox at selnet.org
Sun Jan 28 08:23:25 CST 2007
On 28/01/2007, at 13.14, Rob Meijer wrote:
>On Fri, January 26, 2007 04:13, John McCabe-Dansted wrote:
>>> >If we could pick an open source project for this that would be open
>>> >include the patches in the main distro, this might well be worth the
>> I'd pick mutt. Mutt is so open to extra options that it really isn't
>> an email client any more but rather a 4GL programming language to
>> write an email client in. Its users are used to having to fiddle to
>> get things to work, and it is hack as it is less than a megabyte and
>> runs on Windows, Linux, MacOS and many more.
>I've had a look at the Mutt source code, and the sending part seems quite
>straight-forward. The receiving part seems to however rely on external
>programs to do filtering.
>I think I will thus start of with making a patch to mutt for the sending
>part. I was thinking about the folowing, that I would like to hear if
>I'm on the right track.
It is a good research effort :)
>1) We add a config 'capgen_secret' that sets the global variable
>2) We add a config 'known_mailinglists' that defines the path of a file
> that lists any known mailinglists.
>3) In send_message we call a function mutt_add_capability(env) that
> the sender,from and replyto fields with a capability.
>4) In mutt_add_capability we call a new function
> mutt_check_known_mailinglist(env) that checks for any target being
> in the file indicated by 2. If one is found than only the replyto
> is updated with a capability.
>5) To create a cap the folowing algoritm is used:
> A) All target adresses are sorted.
> B) A SHA1 digest D1 is calculated over the sorted addresses.
> C) A low granularity (multiple days or weeks) time string T is
> determined from the current time.
> D) A SHA1 check D2 is created using D1,T and CapSecret as data.
> E) The cap key is created using the base64 encoding of D1,T,D2
>Do you agree this would be a good way to implement it?
It sounds good at first glance.
>The filtering program (maybe a patch to procmail) could use the same
>secret to validate the keys, and could use a list of D1,T combinations
>as revocation lookup.
>If noone thinks this is a bad way to go I could look at patching Mutt
>this. Maybe someone else on the list could bother looking at procmail?
I will volunteer as a tester.
>cap-talk mailing list
>cap-talk at mail.eros-os.org
More information about the cap-talk